Add session constraint to certain routes #288
Description
This issue is imported from pivotal - Originaly created at Sep 2, 2024 by Pieter van der Meulen
For routes that require an active session I want an error logged when that session is not present. The error must distinguish between the situation where no session cookie was present in the request and when a session cookie was present in the request, but the session was not found in the session storage.
That idea is to add the possibility to adding a route constraint that indicate that a certain route must have an active session. If that constraint is not met, the matching controller action should not be applied and an error is logged as indicated above.
For routes where a session cookie may or may not be present it should be logged whether:
- A session cookie was present
- A valid session was present (i.e. the session was found in the session storage)
- When a new session was created
Can we add a mechanism to identify the session using a session ID that is safe to log and reveal? We can use this in https://www.pivotaltracker.com/n/projects/1163646/stories/188205232 and I think that this would be generally useful to have.
This session constraint / session logging will be useful for other OpenConext components as well.